Innovative Computing Review (ICR) 
Volume 1 Issue 1, Summer 2021 
ISSN(P): 2791-0024 ISSN(E): 2791-0032 
Journal DOI: https://doi.org/10.32350/icr 
Issue DOI: https://doi.org/10.32350/icr.0101 
Homepage: https://journals.umt.edu.pk/index.php/icr 


Article: Security and Privacy Challenges for the IOT-based Smart Journal QR 
Homes with Limited Resources and Adoption Immaturity Oreo 

Author(s): Farzana Kausar Gondal 

Affiliation: Govt. Graduate College for Women, Islampura, Lahore, Pakistan 


. . Received: March 31, 2021 
Article History: Revised: June 23, 2021 
Accepted: June 30, 2021 

Available Online: June 30, 2021 Farzana Kausar 


i, M. R. Gondal, “Security and privacy challenges for the IOT-based 
Citation: smart homes with limited resources and adoption immaturity”, 
Innov Comput Rev, vol. 1, no. 1, pp. 43-59, 2021. 
https://doi.org/10.32350/icr.0101.04 


Copyright 


Information: This article is open access and is distributed under the terms of 
Creative Commons Attribution 4.0 International License 


Esta. 1990 
A publication of the 


School of Systems and Technology 


University of Management and Technology, Lahore, Pakistan 


Security and Privacy Challenges for the IOT-based Smart Homes 
with Limited Resources and Adoption Immaturity 


Farzana Kausar Gondal! 


ABSTRACT: The Internet of Things 
(IoT) is technically a developing model 
looking at the connectivity of different 
devices or “things” to each other, as 
well as with the users and also with the 
Internet. IoT is projected to be an 
important necessity for the 
advancement of intelligent smart homes 
to facilitate homeowners because it 
provides opportuneness and 
effectiveness in order to help them 
attain an improved quality of life. The 
incorporation of IoT into smart homes 
entails integrating devices with the 
Internet. Even though it offers many 
advantages to the users, it also poses 
new security and privacy challenges 
based on connectivity, confidentiality, 
integrity, authenticity, resource 
limitation, and adoption immaturity. 
These challenges make the IoT-based 
smart homes with limited resources 
enormously susceptible to diverse 
forms of security vulnerabilities. Thus, 
it is pivotal to detect the probable 
security threats to establish a 
comprehensive and secure status of 
smart IOT-based homes. This paper 


incorporates the security risk 
assessment approach in order to 
evaluate the potential security and 
privacy risks and challenges faced by 
smart homes. The basic goal of this 
study is to identify and point up diverse 
security and privacy threats to smart 
homes and to unveil the risks for their 
residents. The paper also presents 
methods to mitigate the recognized 
dangers. This study provides a 
foundation to future applications aimed 
at refining the security necessities of the 
IoT-based smart homes. 


INDEXED TERMS: Internet of Things 
(loT), smart homes, risk assessments, 
security 


I. INTRODUCTION 


In most cases, the Internet of Things 
(IoT) is regarded as a problematic field 
with planned resolutions envisioned to 
be incorporated in diverse application 
choices [1]. Nevertheless, the 
confidentiality and safety requirements 
of critical engineering substructures and 
subtle viable processes are far different 
from the necessities of a preliminary 
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smart home setting. Moreover, the 
security implementation processes and 
infrastructure differ significantly among 
various domains of smart application 
like smart healthcare, smart home smart 
governance [2]. In the home-related 
settings, human problems are 
considered more critical than technical 
issues. Subsequent research on many 
prevailing resolutions for improving 
IoT safety is presented in this paper. It 
determines the extensive security and 
privacy challenges for the IoT-based 
smart homes with limited resources [3]. 
The primary purpose of the IoT is to 
increase the potential of the Internet by 
increasing the capability to connect with 
many devices simultaneously [4]. By 
incorporating the IoT model, the users 
obtain a platform to share equally the 
data provided by user behaviors and the 
data gathered by the linked devices in 
the physical space. 


There are diverse definitions of a 
smart home from a technical 
perspective but the primary idea is to 
link sensors, home applications and 
smart devices through the Internet to 
attain the remote monitoring, access, 
and control of a residential setting [5]. 
Therefore, the smart home setting 
targets the rich integration of minor 
computational schemes to find and 
distribute personalized amenities to the 
operators. It emphasizes the 
computerization and regulation of the 
environment to attain a secure and 
private setting [3]. Thus, all the other 
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components of computing, security and 
privacy are the main challenges for the 
designing of smart homes. Contrary to 
the enterprises which dedicate specific 
professional resources to systems 
security, IoT with limited resources 
gives smart homes a relatively ad hoc 
system with no dedicated system 
management resources, making it more 
vulnerable to privacy and security 
threats [6]. This also contributes to the 
challenge of the immature adoption of 
smart systems [7]. There is no 
awareness and adoption of these 
systems due to the lack of knowledge 
and training to use them, hence the 
security and privacy of the systems are 
compromised and not fully 
implemented. 


II. IoT AND SMART HOMES 


A smart home-based setting can be 
regarded as a limited physical space 
with various sensors, computational 
software, electronic appliances, and a 
display screen that aids the exchange of 
information and interaction between the 
residents [8]. An overview is presented 
in Figure 1. 


In many instances, IoT technology 
is expected to be implemented to the 
already existing homes, portion by 
portion, depending on the emergent 
security needs. Mostly, there is a lack of 
progressively specialized sustenance in 
the project or process stages of IoT 
placement in a smart home [9]. 
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Fig. 1. IoT- based smart home [14] 


Although there are diverse smart 
home designs, the lack of particular 
security approaches before home 
control networks are interconnected 
poses great privacy and security issues 
to smart homes. Currently, there are 
many networking standards that can be 
incorporated into smart homes such as 
Bluetooth, Wi-Fi, and Z-Wave [1]. 
Each one of these has its advantages and 
disadvantages. Moreover, imagining 
such an assorted network environment 
with diverse procedures to be 
competently secured and manageable 
presents many detrimental challenges 
[10]. The smart home offers additional 
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comfort and setting. Still, neither of the 
advantages is probable to be booked up 
if these home systems are not safe and 
trusted. In order to identify the privacy 
and security challenges, this study 
conducts the security evaluation 
approach of the IoT-based smart homes 
taking into consideration limited 
resources and immature adoption by the 
users. 


II. SECURITY AND PRIVACY THREATS 
IN THE IOT-BASED SMART HOME 


A. IoT Architecture for Smart Homes 


IoT deployment in smart homes 
entails the incorporation of different 
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Fig. 2. Smart home based IoT architecture [3] 


technologies such as Wireless Sensor 
Networks (WSNs), Internet Protocol 
(IP), Wireless Fidelity (Wi-Fi), RFID, 
Bluetooth, and different sensors [11]. 
The main goal of the IoT protocol is to 
help the users to distinctively identify, 
control and access other things at their 
convenience through the Internet [12]. 
The interrelated device network can 
yield diverse intelligence and 
independent applications that offer 
many advantages. Technically, a home 
authentication system is made up of five 
components or units. These include 
appliances under regulation, sensing 
devices and actuators, the regulator, the 
control network, and the remote-control 
devices [13]. A comprehensive image 
of the IoT devices, service providers, 
diverse layers of IoT and their probable 
safety matters are illustrated in Figure 2. 
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Even though JIoT-based smart 
homes are completely different in their 
configurations, the entire outlook of 
security issues is similarly relatable to 
the existing network connections. 


B. Threats to Smart Homes 


Although there are many threats to 
smart systems but the more critical and 
vulnerable ones encountered by smart 
homes are confidentiality, authentication, 
and unauthorized access. 


1) Confidentiality Threats. These are 
the threats that arise due to the 
breaching of the confidentiality of data 
or unauthorized access of data. For 
instance, privacy breaches in home- 
based monitoring structures can result 
in the unintentional issue of the leakage 
of subtle banking information [14]. 
Even information that is seemingly 
harmless such as the temperature of 
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internal home setting and the 
information of air conditioning system 
might be analyzed to determine if the 
house is currently occupied or not [15]. 
This acts as a basis for break-ins. 
Moreover, the loss of privacy regarding 
passwords and pin codes results in 
unauthorized access to the system. 


2) Authentication Threats. Verification 
threats can result in the identification 
and monitoring of data by unauthorized 
personnel, causing interference [1]. For 
instance, unauthenticated environment 
or user’s status signals may confuse the 
supervisor of the house into assuming 
that there is an emergency condition. 
They then rush to open doors and 
windows for the exit but, in the real 
sense, allow unauthorized entry into the 
house. Also, if software updates are not 
properly authenticated, then systems 
might as well be altered [1]. 


3) Access Threats. Access threats are 
the primary threats facing the loT-based 
smart homes. Unauthorized access to 
system controls, specifically 
administrative positions, makes the 
overall structure insecure [16]. This can 
be attained over unauthorized access via 
PIN key codes or through the use of 
illegitimate devices linked to the 
system. Even though maximum 
regulation of the system can be attained, 
still having an unofficial link to the 
system may lead to the stealing of 
network bandwidth and the denial of 
service (DOS) to genuine network 
operators [17]. Subsequently, most 


smart home appliances are wireless 
networked and battery operated with 
little operative duty sequence, thus the 
flooding of the network with many 
requirements can result in an energy 
exhaustion outbreak leading to a denial 
of services (DOS). 


C. Privacy in Smart Homes 


Privacy refers to a state of not being 
observed and disturbed by others. 
Privacy emphasizes protecting people’s 
identity, location, information, and 
movement. [18]. Smart homes’ 
sensitive information includes aspects 
such as digital information, photos, and 
videos. Smart devices with dynamic IP 
cameras can capture pictures and videos 
wherever. Feature microphones have 
the ability to snoop on personal 
discussions. There are mainly two 
privacy threats facing smart homes. 


Data Privacy Threats: Information 
confidentiality is a significant concern 
when it comes to the exchange of 
confidential data [19]. This is because 
everything is or will be connected to the 
existing internet, thus penetrating into 
the network and access to network tariff 
remains less challenging for cyber 
terrorists. By merely getting access to a 
part of the system, a hacker may obtain 
the general information about the 
homeowner [3]. 


Context-aware Privacy: Context 
cognizance entails noticing, sensing, 
and tracing operators’ movements and 
actions, as well as actions by the means 
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of data to offer amenities that might be 
of importance to them [17]. Context 
cognizance has the capability of sensing 
and responding when things change, for 
example, if devices are moved to a new 
location. 


IV. SECURITY CHALLENGES IN THE 
IOT-BASED SMART HOMES 


Security refers to a state of being 
which is free from distress [15]. 
Security deals with aspects of 
messaging, confidentiality, integrity, 
and authenticity. IoT strategies are used 
to gather and process an enormous 
quantity of individual information that 
is very delicate. Having IoT devices 
with limited resources poses greater 
risks to smart homes. Home security in 


These include aspects such as 
fingerprinting, face recognition, voice 
recognition, smart cards, and RFIDs 
that allow access and control [3]. IoT 
devices connected in smart households 
with limited resources do not have the 
required computational control and also 
have an inadequate storage capacity. 
Figure 3 shows household devices that 
require computational control. Thus, 
implementing intensive security 
solutions is a challenging approach. 


In order to provide a protected 
connection among IoT devices and the 
gateway to the smart home-based 
setting a dispersed encryption approach 
is used, for instance, triangle-based 
security algorithms. IoT-based smart 
households are extremely vulnerable to 
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Fig. 3. Smart Home Devices [13] 
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They face the following security and 
privacy challenges. 


A. Lack of Technical Support 


The absence of technical support is 
the main problem with the housed 
environment of smart homes. Households 
are loaded with monotonous, tedious, 
and fault-related physical equipment 
required to manage smart devices in the 
home network, mainly due to little 
power and little computationally 
controlled structure strategies. This can 
pose a major security issue [20]. Thus, 
for the fruitful execution of smart 
homes, the protected auto-configuration 
method is used to make the connection 


and care of smart home appliances 
easier and to enhance security. 


B. Openness of the Networked Systems 


The openness of the networked 
system is among the major weaknesses 
of the IoT-based smart households [3]. 
Smart home strategies are linked to 
cyberspace. Figure 4 highlights the 
points of weakness of systems 
corresponding to the layers of IoT. This 
provides a greater chance for attackers 
to remotely access the networks and 
control their interface, either directly or 
indirectly. They can also upload malware 
to the devices, thus interrupting the entire 
system. 
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Fig. 4. An IoT scheme from the provider, system, and operator viewpoints. The 
image pinpoints the weaknesses in the IoT layers [3] 
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C. Physical Accessibility to the System 


Physical accessibility to the system 


is another paramount safety and 
confidentiality issue of the IloT-based 
smart households [21]. The 


diversification of IoT devices is also a 
most significant and serious challenge 
that needs to be fixed on an urgent basis. 
Figure 5 illustrates the diversification of 
IoT devices in the IoT-based smart 
homes. A device comes with 
heterogeneous networking protocols 
and various supporting software as well 
as different features due to diverse 
manufacturers [3]. 


D. Data at Risk in the Cloud 


Information kept in the cloud can be 
apart from 


lost for many causes 
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malevolent attacks. Figure 6 shows the 
cloud-based architecture of a smart 
home. For instance, the unintentional 
removal of information by cloud service 
providers and unprecedented events 
such as fire outbreaks can result in the 
permanent loss of data [5]. 


E. Weak Passwords 


The use of weak passwords is 
among the biggest issues with the IoT- 
based smart homes. The users of the 
network systems need to take care of 
their passwords and should use 
authenticated passwords that they can 
easily remember [14]. Weak password 
selection also shows immaturity 
towards system use. 
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Fig. 5. Diversification of the IoT Devices [9] 
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Fig. 6. Cloud-based Architecture of a Smart Home [29] 


F. Fixed Firmware 


In most instances, to mitigate 
security vulnerabilities, reprogramming 
and software updates are needed. 
Computerized functioning systems are 
habitually automatically updated when 
safety susceptibilities are recognized 
[1]. Likewise, there are regular software 
updates sent to mobile devices such as 
smartphones, which lower security 
vulnerabilities as much as possible. 
However, smart homes have a fixed 
firmware that mostly does not support 
these dynamic patches. Firmware is a 
kind of software that is automated into 
the non-volatile memory of a smart 
device and remains an indispensable 
part of the IoT systems [22]. It 
unswervingly connects with the 
hardware and thus operates the system’s 
processes and functions by initializing 


the device interface [23]. It implies that 
a smart device’s firmware should be 
kept updated to help solve security 
susceptibilities and to advance its 
operationality. The smart home setting 
typically lacks technical assistance 
making this process challenging. There 
are limited smart home devices that 
offer steady software update services to 
resolve the existing security issues. 
Currently, there is little motivation to 
patch the software frequently and to stay 
ahead of security breaches in smart 
home appliances with low cost. 
Attackers can easily block new software 
and disguise the legitimate old firmware 
with security vulnerabilities [1]. 


G. Unsecured Network Connectivity 


Although some branded schemes 
such as smart health where 24-hour care 
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systems have well-formulated standards 
of compliant securities, most of the 
current smart homes do not have 
devices with well-implemented security 
systems [24]. As stipulated earlier, most 
smart homes rely on the Internet. 
However, many times their networks 
are not secure. This is because of the 
smart home devices. Smart homes are 
not built from scratch but they are based 
on the existing homes [4]. Thus, an 
individual cannot take steps to 
configure their wireless networks with 
the specifications of their security in 
place. Security steps are largely ignored 
during the installation of wireless 
networks which leaves the networks 
more open to anyone within the network 
connectivity range [25]. This makes it 
easy for cyber terrorists to access the 
network and spy on the information 
traffic. The leading cause of this type of 
security vulnerability is the lack of 
dedicated security personnel. Such 
personnel are expected to manage 
network complexities in smart homes 
and make them less vulnerable. Few 
households can afford these 
professionals to foster the existing need 
of network administration aid. As an 
alternative, unprofessional 
householders are assumed to have the 
abilities to manage their systems 
simply, securely, and strongly [15]. 


H. Immature of Smart 


Systems 


Adoption 


Given the idea that the IoT market 
and smart homes are relatively young 
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and immature, it is challenging to create 
indistinct workflows [23]. Most smart 
system users do not have an adequate 
experience of executing IoT 
technologies, which can be difficult 
given the inconsistency of information 
that is mostly extricated from sources in 
smart homes ranging from an array of 
sensors. There is no appropriate 
awareness and adoption of the smart 
systems [7]. This is the result of the lack 
of knowledge and adequate training 
about the use of these systems. There is 
a deficiency of dependable means to 
create the emerging smart technology 
readiness, capabilities and to avail their 
benefits. There is also an increased lack 
of systematic knowledge transfer from 
different frameworks towards the 
industry. In most cases, progressively 
technologies from their earliest stages 


are always difficult to adopt. 
Respondents lack adequate funding 
instruments required for early 
technological development. The 


challenge of quantifying the benefits 
and costs of these technologies makes it 
harder to make supportive decisions for 
their implementation [26]. 


V. EXISTING SECURITY SUPPORT 
FOR IOT 


As a result of their low cost, IoT 
devices are usually not very powerful. 
Most of these devices use less energy, 
have limited memories, and use a low- 
end microcontroller [27]. Such 
controllers have the specifications of 
standalone controllers like those in air 
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Fig. 7. Current security standards for the existing IoT security protocols [1] 


conditioners. These aspects have made 
it more challenging to integrate changes 
as a result of already designed IPs. 
Several internet services task force have 
been formulated to counter these issues. 
Their efforts regarding IoT standards 
have played a significant part in the 
formulation of the required lightweight 
communication protocols for the 
controlled environment via the existing 
IP network [28]-[30]. Even with these 
specifications put in place, there still 
exist the above discussed security and 
privacy challenges in smart homes. 
Numerous Internet Engineering Task 
Forces (IETFs) and working assemblies 
have been formulated to solve these 
issues as depicted in Figure 7 [1]. IETF 
adjustment work regarding IoT has 
played a dynamic role in the formation 
of the much needed lightweight 
communication protocols for controlled 
surroundings over the existing IP 
network [1]. Figure 7 shows the current 
security standards for the existing IoT 
security procedures. 
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VI. COUNTERMEASURES FOR THE 
SECURITY AND PRIVACY CHALLENGES 
FACING THE IOT-BASED SMART 
HOMES 


Smart homes can be made safer and 
more private in many ways. In Figure 8, 
some security vulnerabilities and 
prevention methods of an actual smart 
home setting are highlighted. 


e Security awareness and training, 
that is, providing awareness and 
training programs about possible 


security vulnerabilities and 
challenges will ensure system 
configuration and appropriate 
performance by authentic 
personnel. 

e Data encryption and 
authentication 


e Encryption and monitoring of 
network traffic 

e Monitoring systems’ performance 

e Replacement of default 
configuration 

e Secure physical locations 
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e Set-up to secure Wi-Fi networks: 
Homeowners should avoid using 
insecure network connectivity 
such as Wi-Fi that could give 


hackers access to private 
information in a smart home 
environment. 


e Homeowners should restrict 
physical access of the devices to 
unauthorized individuals. 


(Main system's gateway to internet ) 


e The use of intrusion detection 
systems can be helpful in 
monitoring and reporting possible 
attacks. 

e Also, the use of strong encryption 
mechanisms should be 
encouraged to aid in securing 
traffic transmissions. 


These are just a few measures 


Video surveillance cameras ) 


Home user 


Fig. 8. Security vulnerabilities and prevention methods of an actual smart home 
environment are highlighted [3] 


VII. CONCLUSION 


Incorporating the IoT technology in 
smart homes yields multifaceted 
outcomes. These include both 
opportunities and security threats. From 
the discussion above, it is evident that 
the IoT-based smart households are 
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extremely susceptible to diverse safety 
pressures emanating from both external 
and internal home environment. This is 
due to limited resourced devices and 
adoption immaturity linked with the 
lack of knowledge about the 
technicality of the system. If a device is 
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compromised, then its user’s privacy, 
confidentiality, and security is in great 
danger. Thus, suitable measures are 
needed to be put in place to make the 
smart home security implementation 
process a security bounded process. It 
will guarantee that all the pertinent 
fundamental security risks are 
discovered beforehand. 
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